Mobile computing is an increasing part of everyday life; as devices become ubiquitous and more powerful, the complexity of tasks achieved away from the office on mobile devices grows. As the capabilities increase, so does the need to adhere to security protocols.
According to President Myers, “In addition to compliance, this policy protects students, faculty, and staff, by outlining the risks and liabilities for the use of personal devices. This policy protects University data/records and protects your personal documents.”
In addition to compliance, this policy protects faculty, students, and users by outlining the risks and liabilities for use of personal devices.
This does not only protect University data/records but also protects your personal documents. Unless specifically authorized, only Kansas State University’s mobile devices may be used to hold or process University records. Use of personal devices may open the device/account to litigation in the case of a Kansas Open Records Request; see PPM 3060: Kansas Open Records Act. Accessing information on a personal mobile device is acceptable since the information does not “live” on the device; however, downloading to a personal device violates the policy.
Highlights of the policy
- If you choose to use a personal device or account to do university business then that device is open to discovery and disclosure in any audit, open records request or investigation.
- This applies to many different devices: laptops, notebooks, tablets, smartphones, etc.
- If you use a personal email account to reply or conduct university business then that email account is open to disclosure in any audit, open records request or investigation.
- If a data breach/leak occurs and you were using an unapproved/unsupported storage system; ie personal Google Drive, personal Dropbox, etc. you will be at fault for the breach/leak and IT will have limited or no ability to help restore or secure data.
Resources:
- PPM 3091: Use of University Mobile Devices, Personal Devices, and Accounts.
- Guidelines for Managing the Security of Mobile Devices in the Enterprise.
For more information, contact Ryan Leimkuehler, University Records Manager, at rleimkue@ksu.edu.
